HTTP a barrier to Web services?

A bedrock of the Internet, HTTP is reaching its limitations and posing a major challenge for Web services, peer-to-peer applications and even security, according to a Microsoft architect.

17 March 20029:30 am GMT

LONDON--A Microsoft .Net architect says HTTP is reaching its limitations and will eventually pose a challenge for Web services, peer-to-peer applications and even security.

Delivering the keynote speech at European DevWeek 2002 here Tuesday, Don Box, an architect for Microsoft's .Net Developer Platform team, said a replacement for HTTP (Hypertext Transfer Protocol) eventually will have to be found, but it is not clear who will provide this replacement.

HTTP is used by virtually every Web page on the Internet. It is the mechanism a browser uses to send a request to a server on the Internet and then receive the response.

Box noted that there is nothing wrong with the protocol per se, as its ubiquity and high dependability mean it is the only way to make a reliable connection over the Internet.

"If people can't search the Web, they call the IT department," he said. "So the IT department makes sure HTTP is always working. We have engineered the hell out of it."

So much so that Box said he thinks of HTTP as the "cockroach of the Internet" because "after the holocaust, it will be the only protocol left standing."

He said we can't stay on the protocol forever, though, despite all the investments and engineering that have gone into it. Among the problems with HTTP, Box said, is that it's an RPC (Remote Procedure Call) protocol. One program, such as a browser, uses an RPC protocol to request a service from another program located in another computer in a network, such as the server, without having to understand network details.

This works for small transactions such as asking for Web pages. But when Web services start running transactions that take some time to complete over the protocol, the model fails.

"If it takes three minutes for a response, it is not really HTTP anymore," Box said.

He added that intermediaries--the companies that own the routers and cables between the client and server--will not allow single transactions that take this long.

"We have to do something to make (HTTP) less important," Box said. "If we rely on HTTP, we will melt the Internet. We at least have to raise the level of abstraction so that we have an industrywide way to do long-running requests--I need a way to send a request to a server" and not have to wait five days for the result.

Another problem with the protocol is that it is asymmetric, Box said.

"Only one entity can initiate an exchange over HTTP; the other entity is passive and can only respond. For peer-to-peer applications this is not really suitable," he said, adding that peer-to-peer applications work today because programmers create hacks to get around the limitations of the protocol.

"It's all hackery, it's all ad-hoc, and none of it is interoperable," he said.

There are efforts to address the shortcomings of the protocol. Several working groups are focusing on the problem at the World Wide Web Consortium (W3C), the organization responsible for Web standards. Microsoft is among the companies working on the problem as well, although Box said the software giant is unlikely to succeed alone.

"Microsoft has some ideas (on how to break the independence on HTTP), IBM has some ideas, and others have ideas," he said. But "if one vendor does it on their own, it will simply not be worth the trouble."